GDPR COMPLIANCE

DATA PROTECTION & PRIVACY RIGHTS

Comprehensive information about your data protection rights under the General Data Protection Regulation (GDPR) and how we ensure compliance with European privacy laws.

EU Regulation 2016/679
Effective: May 25, 2018

GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It strengthens and unifies data protection for individuals within the European Union (EU) and addresses the export of personal data outside the EU.

Our Commitment

  • Full GDPR compliance
  • Transparent data practices
  • Respect for your rights
  • Data protection by design

Scope & Application

  • EU residents worldwide
  • Cross-border data transfers
  • All personal data processing
  • Automated decision-making

Your GDPR Rights

Under GDPR, you have several fundamental rights regarding your personal data. Here's how you can exercise these rights with IbePlus:

Right to Access

Request a copy of your personal data we hold

You can request confirmation of whether we process your personal data and obtain a copy of it

Within 1 month

Right to Rectification

Correct inaccurate or incomplete personal data

You can request correction of inaccurate data or completion of incomplete data

Within 1 month

Right to Erasure

Request deletion of your personal data

Also known as 'right to be forgotten' - request deletion when data is no longer necessary

Within 1 month

Right to Restrict Processing

Limit how we process your personal data

Request restriction of processing while we verify accuracy or assess lawfulness

Within 1 month

Right to Data Portability

Receive your data in a portable format

Obtain your data in a structured, commonly used format for transfer to another controller

Within 1 month

Right to Object

Object to certain types of processing

Object to processing based on legitimate interests, direct marketing, or scientific research

Immediately

Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. Here are the legal grounds we rely on:

Consent

You have given clear consent for us to process your personal data

Examples:

  • Newsletter subscriptions
  • Marketing communications
  • Optional cookies

Contract

Processing is necessary for a contract you have with us

Examples:

  • Service delivery
  • Account management
  • Payment processing

Legal Obligation

Processing is necessary for us to comply with the law

Examples:

  • Tax records
  • Regulatory compliance
  • Legal proceedings

Legitimate Interests

Processing is necessary for our legitimate interests

Examples:

  • Fraud prevention
  • Network security
  • Business analytics

Data Protection Measures

We implement comprehensive technical and organizational measures to ensure the security and protection of your personal data:

Encryption

End-to-end encryption for all data transmission and storage

Implementation:

AES-256 encryption, TLS 1.3, encrypted databases

Access Control

Strict access controls and authentication systems

Implementation:

Multi-factor authentication, role-based access, regular audits

Data Minimization

We only collect and process necessary data

Implementation:

Purpose limitation, storage limitation, regular data reviews

Secure Infrastructure

Enterprise-grade security infrastructure

Implementation:

ISO 27001 certified, SOC 2 compliant, regular penetration testing